[dm-crypt] Encrypt all partitions with dm-crypt

Matthew Monaco matt at 0x01b.net
Sat Sep 15 03:10:37 CEST 2012


On 09/14/2012 07:09 PM, Matthew Monaco wrote:
> On 09/14/2012 06:52 PM, Stayvoid wrote:
>> Arno,
>>
>> I'm not sure that I got the idea. How to access encrypted partitions after
>> booting? And how to unmount / encrypt / temporary disable them? (I hope that
>> my terminology is clear.) In other words, what's the usage pattern?
>>
> 
> Assuming you've run luksFormat on some block device (/dev/sda2), and you're
> booted into your initrd.
> 
> # cryptsetup luksOpen /dev/sda2 root
> 
> will create a new block device at /dev/mapper/root.
> 
> So you've used the kernel device mapper to map one block device into another
> block device. You then proceed with /dev/mapper/root as if it's another other
> block device.
> 

Sorry, I meant "any other" block device.

> So you (or your distro rather) needs to do something like
> 
> # mount /dev/mapper/root /mnt
> # switch_root /mnt /sbin/init
> 
> The distribution you use will affect exactly how you configure this because it's
> not standard. (It'd be great if cryptsetup at least provided some sort of
> reference parser for /etc/crypttab, but they feel it's out of scope, so this
> standardization is being done by systemd. That said, root [and /usr] is going to
> be a little different than everything else)
> 



More information about the dm-crypt mailing list